Obligations related to duty and liability should be the heart of every compliance program. However, as these tend to be less prescriptive, they tend to be overlooked. This can create an opportunity for very significant risk to the organization.
A recent decision (Sept 7, 2021) involving The Boeing Company concerning the crash of Lion Air Flight 610 highlights corporate liability exposure for claims of breaches of duty of oversight.
While claims involving duty of oversight are difficult for plaintiffs to win, the opinion rendered by the courts suggest that there is concern about the growing risk of breach of the duty of oversight by boards. It is worth noting that Boeing had experienced two tragic air disasters in 5 months. The plaintiffs in the case alleged, among other things, that “The plaintiffs allege that prior to the Lion Air crash, the board had no committees or processes to oversee safety issues; rather, the complaint alleges, the board was focused on production and financial issues. The plaintiffs further alleged that the board did not regularly address or discuss safety issues. The plaintiffs also allege that there were no regular processes to apprise the board of airline safety; rather the information flow was ad hoc and dictated by management rather than by the board itself.”
The risks associated with duty of oversight or more generally duty and liability obligations should be a board level concern and cannot be solely delegated to management. As suggested by the author of the court’s decision analysis, boards should at a minimum:
- Conduct a comprehensive review of their companies’ operations to identify particular functions that could be viewed as mission critical.
- With respect to the mission critical operations, boards should ensure that they have reporting processes to ensure that the board can supervise the key operations.
- Not be dependent on management for identifying issues with respect to the mission critical operations but should have board inquiry and review processes in place.
- The board should document its involvement in these oversight processes.
The comprehensive management of oversight obligations may well be the best defence against breach of duty and liability claims.
The first step is to make oversight obligations topmost of all obligations register and compliance program. This will ensure that oversight requirements (including those listed above) are considered in every audit and board review.
To provide further assurance it is important to keep track of actions that cut across organizational structures. Using an integrated company-wide system will help verify that required actions have been completed and not forgotten.